chore(kbn-failed-test-reporter): use a safer hashing algorithm (elastic#262734)

TamerlanG · web-flow · commit 7fdf33f9fe01 · 2026-04-13T15:21:04.000+02:00
diff --git a/packages/kbn-eslint-plugin-eslint/rules/no_unsafe_hash.js b/packages/kbn-eslint-plugin-eslint/rules/no_unsafe_hash.js
@@ -27,14 +27,6 @@ const ALLOWED_UNSAFE_HASHES = [
     path: 'src/platform/packages/shared/kbn-babel-register/cache/lmdb_cache.js',
     algorithms: ['sha1'],
   },
-  {
-    path: 'packages/kbn-failed-test-reporter-cli/failed_tests_reporter/report_failures_to_file.ts',
-    algorithms: ['md5'],
-  },
-  {
-    path: 'packages/kbn-failed-test-reporter-cli/failed_tests_reporter/generate_scout_test_failure_artifacts.ts',
-    algorithms: ['md5'],
-  },
 ];
 
 const allowedAlgorithms = ['sha256', 'sha3-256', 'sha512'];
diff --git a/packages/kbn-eslint-plugin-eslint/rules/no_unsafe_hash.test.js b/packages/kbn-eslint-plugin-eslint/rules/no_unsafe_hash.test.js
@@ -69,17 +69,6 @@ ruleTester.run('@kbn/eslint/no_unsafe_hash', rule, {
       `,
       filename: path.resolve(KIBANA_ROOT, 'packages/kbn-optimizer/src/common/dll_manifest.ts'),
     },
-    // valid: md5 in a file that has an allowlist entry for md5
-    {
-      code: dedent`
-       import { createHash } from 'crypto';
-       createHash('md5');
-      `,
-      filename: path.resolve(
-        KIBANA_ROOT,
-        'packages/kbn-failed-test-reporter-cli/failed_tests_reporter/report_failures_to_file.ts'
-      ),
-    },
   ],
 
   invalid: [
diff --git a/packages/kbn-failed-test-reporter-cli/failed_tests_reporter/generate_scout_test_failure_artifacts.ts b/packages/kbn-failed-test-reporter-cli/failed_tests_reporter/generate_scout_test_failure_artifacts.ts
@@ -54,7 +54,7 @@ export async function generateScoutTestFailureArtifacts({
       const htmlFilePath = Path.join(dirPath, htmlReportFilename);
       const failureHTML = fs.readFileSync(htmlFilePath, 'utf-8');
 
-      const hash = createHash('md5').update(name).digest('hex');
+      const hash = createHash('sha256').update(name).digest('hex');
       const filenameBase = `${
         process.env.BUILDKITE_JOB_ID ? process.env.BUILDKITE_JOB_ID + '_' : ''
       }${hash}`;
diff --git a/packages/kbn-failed-test-reporter-cli/failed_tests_reporter/report_failures_to_file.ts b/packages/kbn-failed-test-reporter-cli/failed_tests_reporter/report_failures_to_file.ts
@@ -127,7 +127,7 @@ export async function reportFailuresToFile(
   // Jest could, in theory, fail 1000s of tests and write 1000s of failures
   // So let's just write files for the first 20
   for (const failure of failures.slice(0, 20)) {
-    const hash = createHash('md5').update(failure.name).digest('hex');
+    const hash = createHash('sha256').update(failure.name).digest('hex');
     const filenameBase = `${
       process.env.BUILDKITE_JOB_ID ? process.env.BUILDKITE_JOB_ID + '_' : ''
     }${hash}`;
